hakurei

Author	SHA1	Message	Date
Ophestra	3b8a3d3b00	app: remount root readonly This does nothing for security, but should help avoid hiding bugs of programs developed in a hakurei container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 23:56:28 +09:00
Ophestra	ec33061c92	nix: remove nscd cover This is a pd workaround that does nothing in the nixos module. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 22:04:58 +09:00
Ophestra	547a2adaa4	container/mount: pass tmpfs flags Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 18:59:06 +09:00
Ophestra	625632c593	nix: update flake lock Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-26 18:57:54 +09:00
Ophestra	749a2779f5	test/sandbox: add arm64 constants Most of these are differences in qemu. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 05:36:35 +09:00
Ophestra	e574042d76	test/sandbox: verify seccomp on all test cases This change also makes seccomp hashes cross-platform. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 04:21:35 +09:00